The invention relates generally to computing systems and more particularly to a method and system for providing secure data transmissions between Internet users.
Public-key based secure messaging systems allow users to communicate securely over the Internet. Examples of public-key based secure messaging systems include S/MIME (see RFC3850-3855 of IETF) and PGP (see RFC 2440 of IETF). Although such systems have existed for many years and have been promoted by major companies, very few people use such systems today. One problem with these systems is that the recipient must have a pair of public and private keys before the message can be encrypted and sent to the recipient. In other words, the recipient must be enrolled into the system first before any sender can send a secure message to the recipient. Another problem with this type of system is that an impostor can publish a public key and claim that it belongs to someone else. To address this issue, a trusted certificate authority (CA) is needed to authenticate individuals and certify to others that the individual's public key is authentic. Unfortunately, this adds further complexity to the recipient enrollment process because the recipient not only needs to generate a pair of public and private keys but also must contact the CA to have the public key certified before any sender can send a secure message to the recipient. Even after the recipient has generated a pair of public and private keys and has obtained a certificate, the sender still cannot send a secure message to the recipient. The sender must somehow obtain the recipient's certificate from the recipient before sending a message to the recipient. The requirement that a recipient must be enrolled first before a message can be sent and the high barrier that both the sender and the recipient must overcome to become enrolled are major reasons why these prior art systems have not been widely accepted.
David Cook and the same inventor of the present invention have disclosed a secure transmission system (U.S. Pat. No. 6,760,752) that significantly reduces the barrier for a user to be enrolled. The system hosts every user's public key in a central key server. A user only needs to generate a pair of public and private keys and answer a confirmation email to become enrolled. The recipient's public key is retrieved and certified each time when a message is sent to the recipient. However, the system still requires the recipient to be enrolled first before a message can be sent to the recipient.
There are significant differences in terms of usability between a system that requires a recipient to be enrolled first before a message can be sent and a system that allows the message to be sent first before the recipient is enrolled. When a sender wants to send a secure message to a recipient not yet enrolled, the recipient usually has no idea that a secure message is coming. If the recipient must be enrolled first before the message can be sent, the sender must first communicate with the recipient and ask him/her to become enrolled. Then, the sender may need to wait for some time and check again to make sure that the recipient has been enrolled or wait until the recipient tells the sender that he/she has been enrolled before actually sending the message. The message cannot be sent immediately when the need for sending a secure message arises. The situation is particularly complex when an identical message needs to be sent to multiple recipients and some recipients are enrolled and some are not. If the message can be sent before the recipient is enrolled, then the sender can always send the message to any recipient regardless of whether the recipient is enrolled. Although the recipient may need to be authenticated and become enrolled before being able to read the message, a secure message sitting in the recipient's inbox waiting to be read gives the recipient greater incentive to go through an authentication and enrollment process. This will help enroll more users into the system. For these reasons, a system that allows a message to be sent before the recipient is enrolled offers significant advantages over a system that requires the recipient to be enrolled first before a message can be sent.
David Cook disclosed a secure forwarding system (U.S. Pat. No. 6,732,101) that allows a message to be sent to a recipient before the recipient is enrolled. The system first looks up the recipient's public key from a central key server. If the recipient's public key is found, the message will be encrypted using the recipient's public key and sent to the recipient directly. If the recipient does not have a public key in the central key server, the message will be encrypted and sent to a forwarding server where the recipient can pick up the message using a web browser through a secure link, such as SSL. The message can be sent regardless of whether the recipient is enrolled into the system. If the recipient is not already enrolled, the recipient is required to go through an authentication process to establish a password at the forwarding server before being able to pick up the message. The problem with the system disclosed by David Cook is that web-based delivery methods are less secure than public-key-based delivery methods. The forwarding server has access to every message stored there. Another problem with the system disclosed by David Cook is that a recipient enrolled into web-based delivery is usually stuck there. There is no easy way to turn him/her into a user of the public-key based delivery method.
Dan Boneh and Matthew Franklin have disclosed an Identity Based Encryption (IBE) system (US pre-grant publication No. 20030081785) that also allows a message to be sent to a recipient before the recipient is enrolled. In an IBE system, the “public key” is simply the identity of the recipient, such as the recipient's name or email address. The system does not require the recipient to generate a pair of public and private keys before the message can be sent, because the message can be encrypted simply using the recipient's identity. In order to decrypt the message, however, the recipient is required to authenticate him/herself to a central server, and the central server will generate the corresponding private key for the recipient and the recipient can use the private key to decrypt the received messages. The problem with this system is that the central server holds a “master secret” for generating every user's private key. In other words, the central server knows everybody's private key, and therefore, the system is less secure than a standard public-key based encryption system.
Neither the secure forwarding system disclosed by David Cook nor the identity-based encryption system disclosed by Dan Boneh and Matthew Franklin can offer the same level of security provided by a standard public-key based encryption system. In a standard public-key based encryption system, the user who generates the public/private key pair is usually the only person who has access to the private key and can decrypt a message encrypted using the corresponding public key. No master secret or forwarding server exists that can derive any user's private key or obtain the message content without the private key. Prior art systems, therefore, either can not offer the capability of allowing a message to be sent before the recipient is enrolled or can offer such a capability but at the cost of degraded security. There is a need for a system and method that offers the capability of allowing a secure message to be sent before the recipient is enrolled while preserving as much as possible the high level security provided by a standard public-key based encryption system.